// com.example.myproject.controller.ValuesController.java
package com.example.myproject.controller;

import com.example.myproject.dto.ValuesInfoDTO;
import com.example.myproject.security.JwtAuthenticationFilter;
import com.example.myproject.service.UserService;
import com.example.myproject.vo.ApiResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/values")
public class ValuesController {

    @Autowired
    private UserService userService;

    @GetMapping("/info")
    public ApiResponse<ValuesInfoDTO> getCurrentUserValues() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Long userId = ((JwtAuthenticationFilter.UserPrincipal) auth.getPrincipal()).getId();

        ValuesInfoDTO valuesInfo = userService.getValuesInfo(userId);
        return ApiResponse.success(200, "获取积分信息成功", valuesInfo);
    }

    @GetMapping("/{userId}/info")
    @PreAuthorize("hasRole('ADMIN')") // 添加管理员权限检查
    public ApiResponse<ValuesInfoDTO> getUserValues(@PathVariable Long userId) {
        ValuesInfoDTO valuesInfo = userService.getValuesInfo(userId);
        return ApiResponse.success(200, "获取用户积分信息成功", valuesInfo);
    }
}